Sword & Shield Enterprise Security, Inc. - Security Advisory www.sses.net, Copyright (c) 2000 SUMMARY - ------- The TalentSoft Web+ server allows users to read arbitrary data files on the Web server running the webpsvr daemon. By entering a crafted URL any user with a browser can retrieve files that the webpsvr daemon itself has access to. http://yourhost.com/cgi-bin/webplus?script=/../../../../etc/passwd